msf-oneshot

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using msfconsole and msfvenom. These commands are used to configure exploits, scan for vulnerabilities, and generate binary payloads.
  • [REMOTE_CODE_EXECUTION]: The methodology involves invoking Metasploit modules designed to achieve remote code execution on target systems, specifically targeting vulnerabilities such as EternalBlue (MS17-010) and BlueKeep (CVE-2019-0708).
  • [DATA_EXFILTRATION]: The instructions cover post-exploitation procedures for extracting sensitive data from compromised targets, including the use of hashdump for credential harvesting and the download command for file retrieval.
  • [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by requiring the agent to process data returned from untrusted remote systems through the Metasploit console. The instructions give no explicit guidance on boundary markers or on sanitizing target-provided output.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 07:58 AM